Security Advisory

CVE-2019-12405

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-09-09 16:36:25

Last updated 2024-08-04 23:17:40

Assigner apache

State PUBLISHED

Description

Improper authentication is possible in Apache Traffic Control versions 3.0.0 and 3.0.1 if LDAP is enabled for login in the Traffic Ops API component. Given a username for a user that can be authenticated via LDAP, it is possible to improperly authenticate as that user without that users correct password.

← Browse all CVEs View on cve.org ↗